List of usage examples for org.bouncycastle.cms SignerInformation getSID
public SignerId getSID()
From source file:com.guardtime.ksi.trust.CMSSignatureVerifier.java
License:Apache License
/**
 * Verifies a CMS signature end to end: the signature must carry exactly one
 * signer, that signer's certificate must be present in the signature's own
 * certificate store, the signer info must check out against it, and the
 * certificate must finally be accepted by the configured trust store.
 *
 * @param signature the CMS signature to verify
 * @throws CryptoException if the structure is invalid, the signer certificate
 *         is missing, the cryptographic check fails, or the certificate is not
 *         trusted
 */
@SuppressWarnings("rawtypes")
public void verify(CMSSignature signature) throws CryptoException {
    Store certStore = signature.getSignedDataCertificates();
    SignerInformationStore signerStore = signature.getSignerInformationStore();
    Collection<SignerInformation> signers = signerStore.getSigners();

    // Exactly one signer is accepted; the empty and the multi-signer case are
    // both rejected before any certificate lookup happens.
    int signerCount = signers.size();
    if (signerCount == 0) {
        throw new InvalidCmsSignatureException(
                "Invalid CMS signature. Signature does not contain SignerInformation element.");
    }
    if (signerCount != 1) {
        throw new InvalidCmsSignatureException(
                "Invalid CMS signature. Signature contains multiple SingerInformation elements.");
    }

    SignerInformation signerInfo = signers.iterator().next();
    // The signer certificate is selected from the embedded certificates by
    // matching the SignerIdentifier carried in the SignerInfo.
    Collection matchingCerts = certStore.getMatches(signerInfo.getSID());
    if (matchingCerts.isEmpty()) {
        throw new InvalidCmsSignatureException(
                "Invalid CMS signature. Signer certificate collection is empty.");
    }
    X509CertificateHolder signerCert = (X509CertificateHolder) matchingCerts.iterator().next();

    verifyCmsSignerInfo(signerInfo, signerCert);
    // An embedded certificate proves nothing on its own: it still has to be
    // accepted by the trust store before the signature counts as valid.
    if (!trustStore.isTrusted(getCertificate(signerCert), certStore)) {
        throw new InvalidCmsSignatureException("Certificate that was used for singing isn't trusted");
    }
}
From source file:com.indivica.olis.Driver.java
License:Open Source License
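/**
 * Extracts the signed content from a Base64-encoded CMS/PKCS#7 signed blob,
 * checking every signer's signature against the certificate embedded in the
 * blob for that signer.
 *
 * <p>The verification certificate is taken from the signed data itself and is
 * not chained to any trust anchor here, so a successful result only proves
 * that the content was signed by the holder of an embedded certificate, not
 * by a trusted party. Callers that need a trust decision must chain the
 * certificate separately.
 *
 * @param data Base64-encoded CMS signed data
 * @return the signed content decoded as UTF-8, or {@code null} if decoding or
 *         verification fails (the failure is logged)
 */
@SuppressWarnings("rawtypes")
public static String unsignData(String data) {
    byte[] dataBytes = Base64.decode(data);
    try {
        CMSSignedData signedData = new CMSSignedData(dataBytes);
        CertStore certs = signedData.getCertificatesAndCRLs("Collection", "BC");
        @SuppressWarnings("unchecked")
        Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
        // A blob without any SignerInfo carries no signature at all; without
        // this check the loop below is skipped and the content is returned
        // as if it had been verified.
        if (signers.isEmpty()) {
            throw new Exception("No signer information in signed data");
        }
        for (SignerInformation signer : signers) {
            Collection certCollection = certs.getCertificates(signer.getSID());
            // Explicit check instead of letting certIt.next() fail with an
            // opaque NoSuchElementException.
            if (certCollection.isEmpty()) {
                throw new Exception("No certificate found for signer " + signer.getSID());
            }
            @SuppressWarnings("unchecked")
            Iterator<X509Certificate> certIt = certCollection.iterator();
            X509Certificate cert = certIt.next();
            if (!signer.verify(cert.getPublicKey(), "BC")) {
                throw new Exception("Doesn't verify");
            }
        }
        CMSProcessableByteArray cpb = (CMSProcessableByteArray) signedData.getSignedContent();
        byte[] signedContent = (byte[]) cpb.getContent();
        // Pin the decoding charset; the previous new String(byte[]) used the
        // platform default, which differs between deployments.
        return new String(signedContent, java.nio.charset.StandardCharsets.UTF_8);
    } catch (Exception e) {
        // Best-effort API: callers treat null as "could not unsign"; the
        // reason is logged rather than propagated.
        MiscUtils.getLogger().error("error", e);
    }
    return null;
}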
From source file:com.infinities.keystone4j.utils.Cms.java
License:Apache License
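/**
 * Verifies an included-content CMS/PKCS#7 signature and returns the signed
 * content.
 *
 * <p>The signer certificate file is first checked by
 * {@code CertificateVerifier.verifyCertificate} against the CA certificate.
 * Then every SignerInfo in the blob is verified: when a signer certificate
 * was loaded it is used for all signers, otherwise the certificate is looked
 * up in the blob's own certificate store by signer id (such a certificate is
 * not chained to the CA here). Content is returned only if at least one
 * signature actually verified; the previous version never invoked the
 * verifier and returned the content regardless.
 *
 * @param sigbytes the CMS blob, raw DER or Base64 encoded
 * @param signingCertFileName path of the signer certificate file
 * @param caFileName path of the CA certificate file
 * @return the signed content decoded as UTF-8
 * @throws RuntimeException if the blob cannot be parsed or no signature
 *         verifies; the underlying exception is attached as the cause
 */
@SuppressWarnings("rawtypes")
public String verifySignature(byte[] sigbytes, String signingCertFileName, String caFileName)
        throws CMSException, CertificateException, OperatorCreationException, NoSuchAlgorithmException,
        NoSuchProviderException, CertPathBuilderException, InvalidAlgorithmParameterException, IOException,
        CertificateVerificationException {
    logger.debug("signingCertFile: {}, caFile:{}", new Object[] { signingCertFileName, caFileName });
    Security.addProvider(new BouncyCastleProvider());
    X509Certificate signercert = generateCertificate(signingCertFileName);
    X509Certificate cacert = generateCertificate(caFileName);
    Set<X509Certificate> additionalCerts = new HashSet<X509Certificate>();
    additionalCerts.add(cacert);
    CertificateVerifier.verifyCertificate(signercert, additionalCerts, true);

    if (Base64Verifier.isBase64(sigbytes)) {
        try {
            sigbytes = Base64.decode(sigbytes);
            logger.debug("Signature file is BASE64 encoded");
        } catch (Exception ioe) {
            logger.warn("Problem decoding from b64", ioe);
        }
    }

    // --- Use Bouncy Castle provider to verify included-content CMS/PKCS#7 signature ---
    ASN1InputStream in = null;
    try {
        logger.debug("sigbytes size: {}", sigbytes.length);
        in = new ASN1InputStream(new ByteArrayInputStream(sigbytes), Integer.MAX_VALUE);
        CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(in.readObject()));
        Store store = s.getCertificates();
        Collection signers = s.getSignerInfos().getSigners();
        int verified = 0;
        for (Object obj : signers) {
            SignerInformation signer = (SignerInformation) obj;
            // Fully qualified so no new import is required; the types may be
            // imported instead if the file's import block is updated.
            org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder builder =
                    new org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder().setProvider("BC");
            boolean ok;
            if (signercert != null) {
                // A signer certificate file was provided: only that certificate
                // is allowed to verify the signature.
                ok = signer.verify(builder.build(signercert));
            } else {
                // Fall back to the certificates embedded in the signature. The
                // store hands out X509CertificateHolder, not X509Certificate;
                // the old cast to X509Certificate would have failed at runtime.
                Collection certCollection = store.getMatches(signer.getSID());
                if (certCollection.isEmpty()) {
                    continue;
                }
                org.bouncycastle.cert.X509CertificateHolder holder =
                        (org.bouncycastle.cert.X509CertificateHolder) certCollection.iterator().next();
                ok = signer.verify(builder.build(holder));
            }
            if (ok) {
                verified++;
            }
        }
        if (verified == 0) {
            // Returning unverified content would defeat the purpose of this
            // method; fail instead. Wrapped into RuntimeException below.
            throw new CMSException("No signers' signatures could be verified");
        } else if (signercert != null) {
            logger.info("Verified a signature using signer certificate file {}", signingCertFileName);
        } else {
            logger.info("Verified a signature using a certificate in the signature data");
        }
        CMSProcessableByteArray cpb = (CMSProcessableByteArray) s.getSignedContent();
        byte[] rawcontent = (byte[]) cpb.getContent();
        // Pin the decoding charset instead of relying on the platform default.
        return new String(rawcontent, java.nio.charset.StandardCharsets.UTF_8);
    } catch (Exception ex) {
        logger.error("Couldn't verify included-content CMS signature", ex);
        throw new RuntimeException("Couldn't verify included-content CMS signature", ex);
    } finally {
        if (in != null) {
            in.close();
        }
    }
}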
From source file:com.miguelpazo.signature.test.SignDataTest.java
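/**
 * Parses a Base64-encoded CMS signed blob and verifies every signer against
 * the certificate embedded in the blob for that signer.
 *
 * <p>Embedded certificates are not chained to any trust anchor here, so a
 * pass proves only that the content was signed with the key of a certificate
 * that travels with the signature. The previous version printed the signer
 * certificate but left the actual verification commented out.
 *
 * @param envelopedData Base64-encoded CMS signed data
 * @throws Exception if parsing fails, the blob has no signers, a signer has no
 *         embedded certificate, or a signature does not verify
 */
@SuppressWarnings("rawtypes")
public void verifyData(String envelopedData) throws Exception {
    CMSSignedData cms = new CMSSignedData(Base64.decode(envelopedData.getBytes()));
    Store store = cms.getCertificates();
    Collection signers = cms.getSignerInfos().getSigners();
    System.out.println(cms.getSignedContent());
    // No SignerInfo means nothing was signed; do not treat that as success.
    if (signers.isEmpty()) {
        throw new Exception("No signer information in signed data");
    }
    for (Object obj : signers) {
        SignerInformation signer = (SignerInformation) obj;
        Collection certCollection = store.getMatches(signer.getSID());
        if (certCollection.isEmpty()) {
            throw new Exception("No certificate found for signer " + signer.getSID());
        }
        X509CertificateHolder certHolder = (X509CertificateHolder) certCollection.iterator().next();
        X509Certificate certFromSignedData = new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certHolder);
        System.out.println("data => " + certFromSignedData.getSubjectDN().toString());
        // Fully qualified so no new import is needed for the verifier builder.
        boolean ok = signer.verify(new org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder()
                .setProvider("BC").build(certFromSignedData));
        if (!ok) {
            throw new Exception("Signature verification failed");
        }
        System.out.println("Signature verified");
    }
}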
From source file:com.wewebu.ow.server.util.jar.OwJarVerifier.java
License:Open Source License
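/**
 * Get Signature Certificates
 *
 * <p>Reads the jar's signature block entry as a CMS structure and returns, for
 * every signer listed in it, the certificate the block embeds for that signer.
 * The signatures themselves are not verified here and the certificates are
 * not chained; callers that need a trust decision must verify the signer
 * infos and validate the returned certificates separately.
 *
 * @return the signer certificates, or an empty array when the jar has no
 *         signature block entry
 * @throws IOException if the entry cannot be read
 * @throws CMSException if the block is malformed or a signer's certificate is
 *         not embedded in it
 */
@SuppressWarnings("rawtypes")
public X509CertificateHolder[] getSignatureCertificates() throws IOException, CMSException {
    JarEntry signatureBlockEntry = getSignatureBlockEntry();
    if (signatureBlockEntry == null) {
        return new X509CertificateHolder[] {};
    }
    InputStream inputStream = null;
    try {
        inputStream = jarFile.getInputStream(signatureBlockEntry);
        CMSSignedDataParser sp = new CMSSignedDataParser(new BcDigestCalculatorProvider(),
                new BufferedInputStream(inputStream, 1024));
        // Keep this order: certificates are read before the signer infos, as
        // in the original code.
        Store certStore = sp.getCertificates();
        Collection signers = sp.getSignerInfos().getSigners();
        List<X509CertificateHolder> certificates = new ArrayList<X509CertificateHolder>(signers.size());
        for (Object obj : signers) {
            SignerInformation signer = (SignerInformation) obj;
            Collection certCollection = certStore.getMatches(signer.getSID());
            // Previously surfaced as an unchecked NoSuchElementException from
            // certIt.next(); report it as a malformed signature block instead.
            if (certCollection.isEmpty()) {
                throw new CMSException(
                        "Signature block does not contain a certificate for signer " + signer.getSID());
            }
            certificates.add((X509CertificateHolder) certCollection.iterator().next());
        }
        return certificates.toArray(new X509CertificateHolder[certificates.size()]);
    } finally {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException ignored) {
                // Read-only jar entry stream; a close failure does not affect
                // the certificates already collected.
            }
        }
    }
}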
From source file:com.yacme.ext.oxsit.cust_it.security.crl.RootsVerifier.java
License:Open Source License
/**
 * Loads the CNIPA root-CA CMS archive, extracts the single signer's
 * certificate and its fingerprint, shows the fingerprint (and the signing
 * time, if present) to the user in a confirmation dialog, and returns the
 * fingerprint only if the user confirms it.
 *
 * <p>Note that the CMS signature itself is not cryptographically verified in
 * this method: the signer certificate is merely looked up by signer id and
 * fingerprinted, and the trust decision is delegated to the user comparing
 * the displayed fingerprint. Every error path logs and falls through to the
 * dialog or to a {@code null} return.
 *
 * @return the signer certificate fingerprint confirmed by the user, or
 *         {@code null} if the archive cannot be read, has no single signer
 *         certificate, or the user does not confirm
 */
private byte[] getFingerprint() {
    byte[] fingerprint = null;
    String sDispDate = "";
    CertStore certs = null;
    CMSSignedData CNIPA_CMS = null;
    try {
        CNIPA_CMS = getCNIPA_CMS();
        Provider p = new org.bouncycastle.jce.provider.BouncyCastleProvider();
        if (Security.getProvider(p.getName()) == null)
            Security.addProvider(p);
        try {
            certs = CNIPA_CMS.getCertificatesAndCRLs("Collection", "BC");
        } catch (CMSException ex2) {
            m_aLogger.severe("getFingerprint", "Errore nel CMS delle RootCA", ex2);
        } catch (NoSuchProviderException ex2) {
            m_aLogger.severe("getFingerprint", "Non esiste il provider del servizio", ex2);
        } catch (NoSuchAlgorithmException ex2) {
            m_aLogger.severe("getFingerprint", "Errore nell'algoritmo", ex2);
        }
        if (certs == null)
            m_aLogger.severe("getFingerprint", "No certs for CNIPA signature!");
        else {
            SignerInformationStore signers = CNIPA_CMS.getSignerInfos();
            Collection<SignerInformation> c = signers.getSigners();
            // Exactly one signer is expected on the root archive.
            if (c.size() != 1) {
                m_aLogger.severe("getFingerprint", "There is not exactly one signer!");
            } else {
                Iterator<SignerInformation> it = c.iterator();
                if (it.hasNext()) {
                    SignerInformation signer = it.next();
                    //grab date
                    AttributeTable att = signer.getSignedAttributes();
                    if (att.get(CMSAttributes.signingTime) == null) {
                        //no date
                        m_aLogger.info("getFingerprint()", "A date is NOT present on CA root archive signature !");
                    } else {
                        Attribute atime = att.get(CMSAttributes.signingTime);
                        //date present
                        //@FIXME get date in a more clean way
                        // NOTE(review): the substring offsets assume the attribute
                        // set's toString() renders as "[YYMMDDhhmmssZ]" and that the
                        // year is 20xx — TODO confirm against the BC version in use.
                        String sdate = atime.getAttrValues().toString();
                        sDispDate = "20" + sdate.substring(1, 3) + "-" + sdate.substring(3, 5) + "-"
                                + sdate.substring(5, 7) + " " + sdate.substring(7, 9) + ":"
                                + sdate.substring(9, 11) + ":" + sdate.substring(11, 13) + " UTC";
                        m_aLogger.debug("getFingerprint()", "A date is present: " + sDispDate);
                    }
                    Collection<?> certCollection = null;
                    try {
                        // Select the signer certificate by signer id; it must be unique.
                        certCollection = certs.getCertificates(signer.getSID());
                        if (certCollection.size() == 1) {
                            m_aRootSignatureCert = (X509Certificate) certCollection.toArray()[0];
                            fingerprint = getCertFingerprint(m_aRootSignatureCert);
                        } else {
                            //print an error?
                            m_aLogger.severe("getFingerprint",
                                    "There is not exactly one certificate for this signer!");
                        }
                    } catch (CertStoreException ex1) {
                        //print an error?
                        m_aLogger.severe("Errore nel CertStore", ex1);
                    }
                }
            }
        }
        //grab the localized text to display
        String _format = "id_root_verify_message";
        String _title = "id_root_verify_message_title";
        String _no_fp = "id_root_verify_message_ko";
        MessageConfigurationAccess m_aRegAcc = null;
        m_aRegAcc = new MessageConfigurationAccess(m_xCC, m_xMCF);
        try {
            _title = m_aRegAcc.getStringFromRegistry(_title);
            _format = m_aRegAcc.getStringFromRegistry(_format);
            _no_fp = m_aRegAcc.getStringFromRegistry(_no_fp);
        } catch (Exception e) {
            m_aLogger.severe(e);
        }
        m_aRegAcc.dispose();
        // The dialog is shown even when no fingerprint was obtained; the
        // "ko" text takes the fingerprint's place in that case.
        String theFingerprint = ((fingerprint == null) ? _no_fp : formatAsGUString(fingerprint));
        String _mex = String.format(_format, sDispDate, theFingerprint);
        DialogRootVerify aDialog1 = new DialogRootVerify(m_xFrame, m_xCC, m_xMCF, _mex);
        //PosX and PosY should be obtained from the parent window (in this case the frame)
        //the problem is that we get the pixel, but we need the logical pixel, so for now it doesn't work...
        int BiasX = ControlDims.RSC_SP_DLG_INNERBORDER_LEFT;
        int BiasY = ControlDims.RSC_SP_DLG_INNERBORDER_TOP;
        short ret;
        try {
            aDialog1.initialize(BiasX, BiasY);
            ret = aDialog1.executeDialog();
            // ret = 0: NO
            // ret = 1: Yes
            if (ret == 1) {
                return fingerprint;
            }
        } catch (BasicErrorException e) {
            m_aLogger.severe(e);
        } catch (Exception e) {
            m_aLogger.severe(e);
        }
    } catch (FileNotFoundException ex) {
        m_aLogger.severe("getFingerprint", "Errore nella lettura del file delle RootCA: ", ex);
    } catch (CMSException e) {
        m_aLogger.severe("getFingerprint", "Errore nel CMS delle RootCA: ", e);
    }
    return null;
}
From source file:com.zotoh.crypto.CryptoUte.java
License:Open Source License
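/**
 * Verifies the S/MIME signature of a multipart against the supplied
 * certificates and returns the content together with the verified signer's
 * content digest.
 *
 * <p>Only the certificates passed by the caller are used for verification;
 * certificates carried inside the message are ignored. Signers are tried in
 * order and the first one that verifies against a matching certificate wins.
 *
 * @param mp the signed multipart; must be a {@link MimeMultipart}
 * @param certs candidate signer certificates
 * @param cte the content transfer encoding, or empty to use the default
 * @return a tuple of (decoded message content, content digest of the
 *         verified signer)
 * @throws MessagingException on MIME errors
 * @throws GeneralSecurityException if the signature cannot be parsed or no
 *         signer verifies against a matching certificate; the last
 *         verification error, if any, is attached as the cause
 * @throws IOException on I/O errors
 * @throws CertificateEncodingException if a certificate cannot be encoded
 */
public static Tuple verifySmimeDigSig(Multipart mp, Certificate[] certs, String cte)
        throws MessagingException, GeneralSecurityException, IOException, CertificateEncodingException {
    tstArgIsType("multipart", mp, MimeMultipart.class);
    tstObjArg("certs", certs);
    MimeMultipart mmp = (MimeMultipart) mp;
    SMIMESigned sc;
    try {
        sc = isEmpty(cte) ? new SMIMESigned(mmp) : new SMIMESigned(mmp, cte);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }
    Provider prov = Crypto.getInstance().getProvider();
    Store s = new JcaCertStore(asList(true, certs));
    byte[] digest = null;
    Exception lastFailure = null;
    for (Object obj : sc.getSignerInfos().getSigners()) {
        try {
            SignerInformation si = (SignerInformation) obj;
            Collection<?> c = s.getMatches(si.getSID());
            for (Iterator<?> it = c.iterator(); it.hasNext();) {
                JcaSimpleSignerInfoVerifierBuilder bdr = new JcaSimpleSignerInfoVerifierBuilder().setProvider(prov);
                if (si.verify(bdr.build((X509CertificateHolder) it.next()))) {
                    digest = si.getContentDigest();
                    break;
                }
            }
        } catch (Exception e) {
            // Best effort across signers, as before, but keep the error so the
            // final failure is diagnosable instead of silently swallowed.
            lastFailure = e;
        }
        if (digest != null) {
            break;
        }
    }
    if (digest == null) {
        throw new GeneralSecurityException("Failed to verify signature: no matching certificate", lastFailure);
    }
    return new Tuple(sc.getContentAsMimeMessage(newSession()).getContent(), digest);
}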
From source file:com.zotoh.crypto.CryptoUte.java
License:Open Source License
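/**
 * Verifies a detached CMS/PKCS#7 signature over {@code data} against a single
 * certificate and returns the verified signer's content digest.
 *
 * <p>Only the supplied certificate is used; certificates embedded in the
 * signature are ignored. Signers are tried in order and the first one that
 * verifies wins.
 *
 * @param cert the certificate the signature must verify against
 * @param data the signed content, read from disk or memory
 * @param signature the DER-encoded detached CMS signature
 * @return the content digest of the verified signer
 * @throws GeneralSecurityException if the signature cannot be parsed or no
 *         signer verifies against the certificate; the last verification
 *         error, if any, is attached as the cause
 * @throws IOException on I/O errors
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
public static byte[] verifyPkcsDigSig(Certificate cert, StreamData data, byte[] signature)
        throws GeneralSecurityException, IOException, CertificateEncodingException {
    tstObjArg("digital-signature", signature);
    tstObjArg("cert", cert);
    tstObjArg("input-content", data);
    Provider prov = Crypto.getInstance().getProvider();
    CMSProcessable cproc;
    if (data.isDiskFile()) {
        cproc = new CMSProcessableFile(data.getFileRef());
    } else {
        cproc = new CMSProcessableByteArray(data.getBytes());
    }
    CMSSignedData cms;
    try {
        cms = new CMSSignedData(cproc, signature);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }
    List<Certificate> cl = LT();
    cl.add(cert);
    Store s = new JcaCertStore(cl);
    byte[] digest = null;
    Exception lastFailure = null;
    for (Object obj : cms.getSignerInfos().getSigners()) {
        try {
            SignerInformation si = (SignerInformation) obj;
            Collection<?> c = s.getMatches(si.getSID());
            for (Iterator<?> it = c.iterator(); it.hasNext();) {
                JcaSimpleSignerInfoVerifierBuilder bdr = new JcaSimpleSignerInfoVerifierBuilder().setProvider(prov);
                if (si.verify(bdr.build((X509CertificateHolder) it.next()))) {
                    digest = si.getContentDigest();
                    break;
                }
            }
        } catch (Exception e) {
            // Best effort across signers, as before, but keep the error so the
            // final failure is diagnosable instead of silently swallowed.
            lastFailure = e;
        }
        if (digest != null) {
            break;
        }
    }
    if (digest == null) {
        throw new GeneralSecurityException("Failed to decode signature: no matching certificate", lastFailure);
    }
    return digest;
}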
From source file:de.mendelson.util.security.BCCryptoHelper.java
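/**
 * Verifies a signature against the passed certificate
 *
 * <p>Every SignerInfo of the multipart/signed part must verify against
 * {@code cert}. A part that carries no SignerInfo at all is rejected too:
 * previously the signer loop was simply skipped and the content returned as
 * if it had been verified.
 *
 * @param part the signed MIME part
 * @param contentTransferEncoding one of 7bit quoted-printable base64 8bit
 *        binary; {@code null} selects binary
 * @param cert the certificate the signature must verify against
 * @return the signed content
 * @throws GeneralSecurityException if the part is absent, is not
 *         multipart/signed, or carries no signer information
 * @throws SignatureException if a signer does not verify; the message
 *         describes the signer id and the verification certificate
 */
public MimeBodyPart verify(Part part, String contentTransferEncoding, Certificate cert) throws Exception {
    if (part == null) {
        throw new GeneralSecurityException("Signature verification failed: Mime part is absent");
    }
    if (!part.isMimeType("multipart/signed")) {
        throw new GeneralSecurityException("Content-Type indicates data isn't signed");
    }
    MimeMultipart signedMultiPart = (MimeMultipart) part.getContent();
    //possible encoding: 7bit quoted-printable base64 8bit binary
    //the default encoding in BC is 7bit but the default content transfer encoding in AS2 is binary.
    SMIMESigned signed = contentTransferEncoding == null
            ? new SMIMESigned(signedMultiPart, "binary")
            : new SMIMESigned(signedMultiPart, contentTransferEncoding);
    X509Certificate x509Cert = this.castCertificate(cert);
    X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
            .build(certHolder);
    Collection<SignerInformation> signers = signed.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
        throw new GeneralSecurityException("Signature verification failed: no signer information found");
    }
    for (SignerInformation signerInfo : signers) {
        if (!signerInfo.verify(verifier)) {
            //try to gain more information about the problem
            StringBuilder message = new StringBuilder("Verification failed");
            message.append("\n\n");
            message.append(describeSignatureCertificate(signerInfo));
            message.append("\n\n");
            message.append(describeVerificationCertificate(x509Cert));
            throw new SignatureException(message.toString());
        }
    }
    return signed.getContent();
}

/**
 * Renders the signer id (serial number and issuer) of a failed signer for
 * the error message, or an empty string when neither is available.
 */
private static String describeSignatureCertificate(SignerInformation signerInfo) {
    StringBuilder info = new StringBuilder();
    if (signerInfo.getSID() != null) {
        if (signerInfo.getSID().getSerialNumber() != null) {
            info.append("Serial number (DEC): ");
            info.append(signerInfo.getSID().getSerialNumber());
        }
        if (signerInfo.getSID().getIssuer() != null) {
            if (info.length() > 0) {
                info.append("\n");
            }
            info.append("Issuer: ");
            info.append(signerInfo.getSID().getIssuer().toString());
        }
    }
    if (info.length() > 0) {
        info.insert(0, "Signature certificate information:\n");
    }
    return info.toString();
}

/**
 * Renders the identifying data of the certificate the signature was checked
 * against (serials, SHA-1 fingerprint, validity, issuer) for the error message.
 */
private static String describeVerificationCertificate(X509Certificate x509Cert) {
    KeystoreCertificate certificate = new KeystoreCertificate();
    certificate.setCertificate(x509Cert);
    DateFormat dateFormat = DateFormat.getDateInstance(DateFormat.SHORT);
    StringBuilder info = new StringBuilder("Verification certificate information:\n");
    info.append("Serial number (DEC): ").append(certificate.getSerialNumberDEC()).append("\n");
    info.append("Serial number (HEX): ").append(certificate.getSerialNumberHEX()).append("\n");
    info.append("Finger print (SHA-1): ").append(certificate.getFingerPrintSHA1()).append("\n");
    info.append("Valid from: ").append(dateFormat.format(certificate.getNotBefore())).append("\n");
    info.append("Valid to: ").append(dateFormat.format(certificate.getNotAfter())).append("\n");
    info.append("Issuer: ").append(x509Cert.getIssuerX500Principal().toString());
    return info.toString();
}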
From source file:ec.gov.informatica.firmadigital.signature.BouncyCastleSignatureProcessor.java
License:Open Source License
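/**
 * Verifies an attached-content CMS signature and returns the signed content.
 *
 * <p>Each signer is verified against the certificate embedded in the CMS blob
 * for that signer, and that certificate is recorded via {@code setCert}. A
 * blob with no signers, or a signer whose certificate is not embedded, is now
 * rejected instead of being silently skipped, which previously let such a
 * blob's content through unverified. The embedded certificate is not chained
 * to a trust anchor here.
 *
 * @param signedBytes DER-encoded CMS signed data
 * @return the signed content
 * @throws SignatureVerificationException if there is no signer, a signer's
 *         certificate is missing, or a signature does not verify
 * @throws RuntimeException wrapping provider or CMS parsing errors (FIXME in
 *         the original: these should become a checked exception)
 */
public byte[] verify(byte[] signedBytes) throws SignatureVerificationException {
    try {
        CMSSignedData signedData = new CMSSignedData(signedBytes);
        CertStore certs = signedData.getCertificatesAndCRLs("Collection", "BC");
        Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            throw new SignatureVerificationException("La firma no contiene firmantes");
        }
        for (SignerInformation signer : signers) {
            Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
            if (certCollection.isEmpty()) {
                throw new SignatureVerificationException(
                        "No se encontro certificado para el firmante " + signer.getSID());
            }
            X509Certificate cert = (X509Certificate) certCollection.iterator().next();
            if (!signer.verify(cert.getPublicKey(), "BC")) {
                throw new SignatureVerificationException("La firma no verifico con " + signer.getSID());
            }
            setCert(cert);
        }
        CMSProcessable signedContent = signedData.getSignedContent();
        // Debug output of the whole signed content, kept from the original;
        // consider removing it if the content may be sensitive.
        System.out.println("Tiene:" + signedContent.getContent());
        return (byte[]) signedContent.getContent();
    } catch (GeneralSecurityException e) {
        throw new RuntimeException(e); // FIXME
    } catch (CMSException e) {
        throw new RuntimeException(e); // FIXME
    }
}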